Logo

Defender of your Digital Freedom

FAQ on Intermediary Rules

The Central Government notified the Information Technology (Intermediaries Guidelines) Rules, 2011 in April, 2011. The rules which seek to control the intermediaries end up controlling the actions of users. As these rules attempt to cover a wide range of activities through a duplicate, complicated structure, neither the industry nor the end users are able to understand the boundaries of their rights and duties. This FAQ aims at making these rules easy to understand and at sensitising the beneficiaries to the problems that the rules raise.

Who are intermediaries?

Intermediaries are entities that provide services enabling the delivery of online content to the end user Let us look at the players involved in this chain:

Internet Service Providers(ISP) – ISPs like Airtel and MTNL help users to get connected to the internet by means of wired or wireless connections.

Search engines – These are web sites like Google and Bing that help users to search for specific information on the web and provide links to web-sites having content relevant to the search terms given bye the user.

DNS providers – These service providers translate the domain names(eg. www.sflc.in) to addresses (eg. 64.202.189.170) that can be understood by computers.

Web hosts – These are service providers like Godaddy.com that provide space on server computers to place files for various web sites so that these sites can be accessed by users

Interactive websites: This includes social media sites like Facebook and Twitter that act as platforms to store and retrieve content, blogging platforms like Blogspot and WordPress, auction sites like eBay, and payment gateways like PayPal. The pictorial representation gives an overview of the intermediaries involved in a common internet transaction.

Cyber Cafes – It means any facility from where access to the internet is offered by any person in the ordinary course of business to the members of the public. The Information Technology Act, 2000 includes cyber cafes also under the ambit of the definition of intermediaries.

What is intermediary liability?

Interactive websites like blogging platforms, social media and e-auction sites host user-generated content. Sometimes content posted by users could be illegal like content infringing on someone’s copyright or pornographic content. Some acts/laws impose liability on these platforms for hosting /publishing such “illegal” content , irrespective of the fact that the content was not generated by them. This is called “intermediary liability”.

For example, the Delhi High Court, in the case of Avnish Bajaj, the CEO of Baazee.com, the e-auction site where a user had put a pornographic MMS for sale, found that the website which hosted the MMS could be held to be liable for ‘Sale etc… of obscene books’ under Section 292 of IPC as well as Section 67 of IT Act, 2000 relating to publishing of information which is obscene in electronic form.

What is meant by safe harbour protection?

The intermediaries like ISPs, web hosts, social networking sites and blogging platforms provide important tools and platforms that allow users to access the Internet, host content, share files and transact business. Websites like Blogspot, Youtube and Facebook only provide a platform for users to post their content, and do not have any editorial control over this content.

Governments across the world realised that these intermediaries must be given protection from legal liability that could arise out of illegal content posted by users, considering the importance of these intermediaries in the online space and the fact that their mode of operation was quite different from the traditional brick-and-mortar business. Countries like the US and members of the European Union, and India now provide protection to intermediaries from such user generated content. Such protection is often termed as a ‘safe harbour’ protection.

Do intermediaries enjoy safe- harbour protection in India?

Yes, Section 79 of the Information Technology Act, 2000 gives the intermediaries protection from liabilities that could arise out of any legal action initiated on the basis of user generated content.

The safe harbour protection available to intermediaries is conditional upon their observing “due diligence” while discharging their duties and observing guidelines issued by the Government in this regard. These guidelines have now been issued in the form of the Information Technology (Intermediary Guidelines) Rules, 2011. Hence these rules are very important from the standpoint of liability of intermediaries.

 

How do the intermediary rules operate?

The new intermediary rules mandate the intermediaries to impose a set of rules and regulations on users like you and me, the terms of such regulations include a broad list of categories of content which are prohibited from posting online.
Now, any person aggrieved by any content on the internet can ask the intermediaries to take down such content. Intermediaries are obliged to remove access to such content within a period of 36 hours from the time of receipt of the complaint.
The rules do not provide for the creator of the content to respond to this complaint.
In fact, the rules do not even provide for the intermediaries to inform the user who posted the content regarding the complaint.
The intermediaries which do not comply with a take-down notice loses the protection from any legal liability that could arise over the content.
If the intermediaries do not comply with these requests, they lose the safe harbour provisions of Section 79. Just like shooting the messenger for bringing bad news! The process of operation of the rules is explained in this diagram.

What is the kind of content that is restricted under the rules?

You cannot host information that is a
grossly harmful,
harassing,
blasphemous,
defamatory,
obscene,
pornographic,
paedophilic,
libellous,
invasive of another’s privacy,
hateful, or racially, ethnically objectionable,
disparaging,
relating or encouraging money laundering or gambling,
or otherwise unlawful in any manner whatever,
harm minors in any way or
infringes any patent, trademark, copyright or other proprietary right.
These terms are so confusing. Are they defined anywhere?
That’s a little complicated! The terms describing unlawful content are very ambiguous and are not defined either in the rules or in the IT Act, 2000. In fact most of these terms are not defined in any statute for that matter.

So, you are saying that we do not know what these terms mean? Doesn't the normal english language meaning apply to them?

The basic principle of law is that it requires certainty. We need to be told exactly what is allowed and what is prohibited in our country. This list includes terms like obscene, harrassing or infringes any patent, trademark, copyright or other proprietary right amongst others. These terms can mean different things to different people. What is obscene to a certain set of persons may be art to another. What is defamatory for one person may be political satire for others. And proving infringement of proprietary rights is decided by the Judiciary with the help of experts and businesses cannot be closed down merely on the basis of suspicion or whims.

O.K. I am bored and I am not sure if these rules affect me any way?

Well! Watch out what you post next time as your status update, it might offend someone; but in addition to regulating content the rules also deal with government’s power to access user information from the intermediary and the power of the intermediary to disconnect user access.
The Rules mandate intermediaries to co-operate with government agencies and provide information to them for the purpose of verification of identity, or for prevention, detection, investigation, prosecution etc when a request has been made by the agency in writing. This power granted to the Government agencies do not have any system of checks and balances to safeguard the interests of users. The rules also mandate the intermediaries to inform the users that their services can be terminated if they violate the terms of service. So you are left to the mercy of the intermediaries , whether they want you to access the internet or not is their prerogative not yours! This provision could have far serious consequences than the three strikes legislation that has been introduced in countries like France, South Korea and Taiwan.

Will these guidelines affect interactive websites like the ones I spend most of my day on?

Definitely! The guidelines are skewed entirely against the creator of the content i.e. YOU!The rules do not place any burden on the complainant to produce evidence in support of the complaint and do not provide for any penalty on sending frivolous complaints.
The rules could soon result in intermediaries being flooded with complaints burdening them with the task of examining these.And why should they spend their precious time, money and work force on this when its easy to just take down the content or deny access to the user. Also, they are not judicial bodies who know how laws apply.
Another example, there are certain kinds of websites like online forums and service rating where the major purpose of running that website is to provide a platform to the user to express her view. Frivolous complaints could make the operation of such sites unviable.

How will these rules affect me?

back-door censorship mechanism on the internet.
curtailment of your freedom to express opinions
violation of your right to privacy as the intermediaries could be forced to part with user information without any checks and balances.
arbitrary disconnection of services to users based on frivolous complaints.
Back to where we started from, no convenient place to voice your opinions, say anything against anyone or face the ire of the authorities and watch every step you take.

 

Enough of this technical and legal jargon, just tell me what can I do, if I need to do anything?

Well, the Government can annul these rules and come out with new rules which will be in line with the Constitution and the Information Technology Act, 2000. Sflc.in and other organisations have already submitted their representations before the Parliamentary Committee on Subordinate legislation that can give recommendations to the Government to amend the rules. You could also send representations to the Government and the Committee requesting for an amendment to the rules.
The rules are tabled before the Parliament and you could talk to your MPs to move/support motions to get the rules annulled/amended. However, this has to be done in this budget session.
You could also blog about the rules, write articles in media and be involved in activities that would raise awareness about the issue.

FAQ on Draft Amendment of Intermediary Guidelines Rules in India

The Central Government notified the Information Technology (Intermediaries Guidelines) Rules, 2011 in April, 2011. A draft amendment of these Rules has been issued by the Ministry of Electronics and Information Technology (MeitY), ostensibly for dealing with the fake news and misinformation problem. However, the Rules could result in weakening the security and privacy of apps and websites and erode the safe harbour protection available to intermediaries. MeitY is seeking comments to the Draft Rules by 15 January 2019.

This FAQ aims at making these Draft Rules easy to understand and at making various stakeholders aware of the problems with the draft Rules.

Who are Intermediaries?

Intermediaries are entities that provide services enabling the delivery of online content to the end user. Let us look at the players involved in this chain:

Internet Service Providers (ISPs) – ISPs like Airtel and MTNL help users to get connected to the Internet by means of wired or wireless connections.

Search engines – These are websites like Google and Bing that help users to search for specific information on the web. They provide links to websites that have content relevant to the search terms given by the user.

DNS providers – These service providers translate the domain names (eg. www.sflc.in) to addresses (e.g. 13.126.242.41) that can be understood by computers.

Web hosts – These are service providers like GoDaddy.com that provide space on servers to place files for various websites so that these sites can be accessed by users.

Interactive websites – This includes social media sites like Facebook and Twitter that act as platforms to store and retrieve content, blogging platforms like Blogspot and WordPress, auction sites like eBay, and payment gateways like PayPal. The pictorial representation gives an overview of the intermediaries involved in a common Internet transaction.

Cyber Cafes – It means any facility from where access to the Internet is offered by any person in the ordinary course of business to the members of the public. The Information Technology Act, 2000 includes cyber cafes also under the ambit of the definition of intermediaries.

Internet flow chart

What is Intermediary Liability?

Interactive websites like blogging platforms, messaging apps, social media and e-auction sites host / transmit user-generated content. Cyber cafes, free WiFi providers and telecom companies such as providers of broadband and mobile data act as a mere pipeline for people to access the Internet. Sometimes content posted by users could be illegal, like content infringing on someone’s copyright or pornographic content. The intermediaries who host / transmit this content could also be held liable for the content if they do not satisfy the conditions for gaining immunity from such liability laid down by the law.

What is meant by ‘Safe Harbour Protection’?

The intermediaries like telecom service providers, cyber cafes, web hosts, social networking sites and blogging platforms provide important tools and platforms that allow users to access the Internet, host content, share files and transact business. Websites like Blogspot, Youtube and Facebook only provide a platform for users to post their content, and do not have any editorial control over this content.

Governments across the world realised that these intermediaries must be given protection from legal liability that could arise out of illegal content posted by users, considering the importance of these intermediaries in the online space and the fact that their mode of operation was quite different from the traditional brick-and-mortar businesses. Countries like the USA, members of the European Union and India provide protection to intermediaries from such user generated content. Such protection is often termed as a ‘safe harbour’ protection.

Do Intermediaries enjoy Safe-Harbour Protection in India?

Yes, Section 79 of the Information Technology Act, 2000 gives the intermediaries protection from liabilities that could arise out of any legal action initiated on the basis of user generated content.

The safe harbour protection available to intermediaries is conditional upon their observing “due diligence” while discharging their duties and observing guidelines issued by the Government in this regard.

These guidelines have been issued in the form of the Information Technology (Intermediary Guidelines) Rules, 2011. The Ministry of Electronics and Information Technology is now proposing an amendment of these Rules by issuing the Draft Rules. Under the new draft, the roles and responsibilities of intermediaries will be widened, and in turn, the rights of users will be reduced.

How do the Draft Intermediary Rules Operate?

The new intermediary guidelines, mandate the intermediaries to impose a set of rules and regulations on users like you and me. The terms of such regulations include a broad list of categories of content which should not be posted by users.

Up until March 2015, any person aggrieved by any content on the Internet could ask the intermediaries to take down such content. Intermediaries were obliged to remove access to such content within a period of 36 hours from the time of receipt of the complaint. These provisions were read down by the Hon’ble Supreme Court in Shreya Singhal v Union of India and it was held that content needs to be taken down only when directed by a Court order or by the appropriate Government.

As per the Draft Rules, intermediaries are obliged to take down the content on receipt of a court order or a direction from the Government or an agency of the Government within a period of 24 hours. The intermediaries which do not comply with a take-down order lose safe harbour under the Information Technology Act, 2000.

Rules in a nutshell for Intermediaries:

Do’s

  1. Publish Rules / Privacy Policy.

  2. Inform users monthly that their services could be terminated if they don’t comply with the Rules and Privacy Policy.

  3. Assist Government agencies within 72 hours of receiving request and enable tracing out the originator of unlawful information. An originator is the person that first sent a message, image, audio, video or file.

  4. Follow reasonable security practices as prescribed in the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011.

  5. For an intermediary with more than 50 lakh users:

    1. Incorporate as a Company in India

    2. Have a permanent office in India

    3. Appoint a nodal person for coordination with Law Enforcement

  6. On receiving court order/ notification from a Government agency, remove unlawful information within 24 hours.

  7. Preserve unlawful information for 180 days or a longer period as required.

  8. Deploy automated tools to remove unlawful information.

  9. Report cyber security incidents to CERT.IN.

  10. Publish name of Grievance Officer.

  11. Strictly follow provisions of the IT Act or any other laws in force.

Dont’s

  1. Don’t knowingly host prohibited content.

  2. Don’t initiate transmission, select receiver or modify information.

  3. Don’t deploy or install or modify the technical configuration of computer resource which may change or has the potential to change the normal course of operation of the computer resource.

What is the kind of content that is restricted under the Rules?

You cannot host information that is a

  • grossly harmful,

  • harassing,

  • blasphemous,

  • defamatory,

  • obscene,

  • pornographic,

  • paedophilic,

  • libellous,

  • invasive of another’s privacy,

  • hateful, or racially, ethnically objectionable,

  • disparaging,

  • relating or encouraging money laundering or gambling,

  • or otherwise unlawful in any manner whatever,

  • harm minors in any way or

  • infringes any patent, trademark, copyright or other proprietary right.

  • violates any law for the time being in force;

  • deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;

  • threatens public health or safety; promotion of cigarettes or any other tobacco products or consumption of intoxicant including alcohol and Electronic Nicotine Delivery System (ENDS) & like products that enable nicotine delivery except for the purpose & in the manner and to the extent, as may be approved under the Drugs and Cosmetics Act, 1940 and Rules made thereunder;

  • threatens critical information infrastructure.

These terms are so confusing. Are they defined anywhere?

That’s a little complicated! The terms describing unlawful content are very ambiguous and most of these are not defined either in the Rules or in the IT Act, 2000. In fact many of these terms are not defined in any statute.

So, you are saying that we do not know what these terms mean? Doesn't the normal English language meaning apply to them?

The basic principle of law is that it requires certainty. We need to be told exactly what is allowed and what is prohibited in our country. In fact, the Hon’ble Supreme Court had struck down Section 66A of the Information Technology Act, 2000, as the terms used in the provisions were ambiguous and vague. This prohibited list includes terms like defamatory, obscene, harassing or infringes any patent, trademark, copyright or other proprietary right amongst others. These terms can mean different things to different people. What is obscene to a certain set of persons may be art to another. What is defamatory for one person may be political satire for others. Proving infringement of proprietary rights is to be done by the Judiciary with the help of experts and businesses cannot be closed down merely on the basis of suspicion or whims.

We are running a start-up which provides an interactive service to users using a website and an app. Do these Rules affect us?

The Rules will bind all intermediaries as defined by the IT Act, 2000, once it is notified. Rule 3(7) of the Draft Rules mandates that the intermediary shall be a company incorporated under the Companies Act. This is applicable only to those intermediaries that have more than 50 lakh users in India or is in the list specifically notified by the Government. Such companies should also have a permanent registered office in India with a physical address and should appoint a nodal person of contact and an alternate senior functionary for 24 X 7 coordination with law enforcement agencies.

O.K. I am bored and I am not sure if these Rules affect me anyway.

Well! Watch out what you post next time as your status update, as it might offend someone or the automated tool deployed by the intermediary could find the content to be illegal resulting in the intermediary terminating your services. In addition to regulating content the Rules also deal with government’s power to access user information from the intermediary.

The Rules mandate intermediaries to cooperate with government agencies and provide information to them for the purpose of verification of identity, or for prevention, detection, investigation, prosecution etc when a request has been made by the agency in writing. This power granted to the Government agencies does not have any system of checks and balances to safeguard the interests of users.

The Rules also mandate the intermediaries to inform the users that their services can be terminated if they violate the terms of service. So you are left to the mercy of the intermediaries. Whether they want you to access the Internet or not is their prerogative, not yours! This provision could have far more serious consequences than the three strikes legislation that has been introduced in countries like France, South Korea and Taiwan.

In short, this will lead to:

  • censorship of content.

  • curtailment of your freedom to express opinions

  • violation of your right to privacy as the intermediaries could be forced to part with user information without any checks and balances.

  • a right for intermediaries to arbitrarily disconnect services of users.

Enough of this technical and legal jargon. Just tell me what can I do.

The Government is accepting comments on these draft Rules till January 15th and Counter comments are accepted till January 28th, 2019. Comments / suggestions may be sent to gccyberlaw[at]meity[dot]gov[dot]in, pkumar[at]meity[dot]gov[dot]in or dhawal[at]gov[dot]in

You could also blog about the Rules, write articles in media and be involved in activities that would raise awareness about the issue.